Everything posted by Steve1982

I really like the "Security audit" feature of MBAM Android but it's missing a crucial check ... whether or not Android is configured to allow installation from an unknown source. Can this check be added to the "Security audit" feature please?

Hi folks, I just want to verify my MBAM install. Can someone please post the file hashes for the "official" version 3.2.0.704 of "MBAMService.exe" which is typically found at:
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Thanks!

(Oops, previous post got cut off)
Thanks @1PW !! I did use VirusTotal to check the file previously and that is indeed the exact file I have on my system. I was a bit bothered by the fact that it had a -7 community score because someone (for some reason) downvoted it but I see you just upvoted it. Thanks for checking and confirming

It's not a big issue to be honest (if it's an issue at all). I just happened to notice the service consuming slightly higher memory which led me to do some investigation. One thing led to another and since I'm a little paranoid I thought I'd just ask on the forum if someone can post the file hashes for that file. @exile360 or @Firefox do you mind posting the hashes for me so I can give my paranoia a rest?

I'm pretty sure it's valid, just doing some due diligence. I see somewhat high memory usage from time to time. There are a lot of posts on the board about a previous issue related to high CPU/memory usage for mbamservice.exe so I just wanted to make extra sure.

Hi, I'm probably missing something obvious ...
When I run an on-demand scan it's very easy to see what the result of the scan was since there's a big counter while the scan is running, and at the end there's a big checkmark with the words "No malware found!" which is very reassuring.
However, when Malwarebytes automatically runs a scan after a database update, the only feedback I get is an entry under "Scanner" with the date and time, the time the scan took, and the number of files and apps that were scanned. There is no message saying "No malware found!" or something similar. So how do I know if the "Scan after update" found anything, or not?
Here's a screenshot if it helps ... notice how the top entry that reads "Scan after update" has no message saying what the outcome of the scan was.
Thanks!

Hi, I just did a fresh Windows 10 Pro install and after loading MalwareBytes and Chrome and updating both to the latest versions I ran AdwCleaner.
Much to my dismay, it came back with two entries!
PUP.Optional.Legacy
- Chrome Search Provider Ask
- Chrome Search Provider Ask
Those have to be false positives, right? See attached files for details. I have two Chrome profiles, hence the two detections. I went to Chrome > Settings > Manage search engines and removed the Ask entries and now AdwCleaner comes up clean.
Is there any reason to be worried at all? I'm pretty sure these are installed by the official Chrome installer but I would love to hear from others who have Chrome installed if they're also seeing this.
Thanks!!
AdwCleaner[S00].txt

@fr33tux @Elisabeth @exile360
Sorry, forgot to tag the right people for a response. Since the Ask toolbar is installed by the latest version(s) of Chrome by default, most (if not all) users of AdwCleaner will probably see that detection, so a little more clarity around this will be great.

Hi, thanks for the reply.
So just to clarify ... what you're saying is that, even though the Ask search engine is installed by Chrome by default and not "real" malware, you still advise against having it which is why it's reported by AdwCleaner, is that right?
I just want to make sure I don't have anything to worry about (other than the fact that Ask search is installed by Chrome).
Thanks!

I noticed that when I downloaded AdwCleaner 7.2.3.1 from the MalwareBytes website the download location was actually:
https://download.toolslib.net/download/direct/1/latest?channel=release
Is that address legitimate?
The SHA256 on the file I downloaded is 00ae902b55282d3f4e6b506ed956d1b370d38d2b5a07f79b63e731b21970783c. Here is the VirusTotal link. If someone can please confirm the fingerprint I would really appreciate it. Thanks!

Hi,
I was looking for info on setting up an ASUS router so I headed over to Google using Microsoft Edge and typed in "asus router setup". I switched to the image results and as I was browsing through the image results on Google, MalwareBytes popped up an alert "Website blocked due to Hijack". Since I wasn't even trying to go to the blocked site (I was literally just looking at Google's image result page) I wasn't sure what caused it but then I noticed Edge has a setting called "Use page prediction to speed up browsing, improve reading, and make my overall experience better" and it was turned on.
Is it safe to assume this alert was simply caused by Edge trying to pre-fetch a link it thought I may click on? The blocked site (asusroutersetup.net) relates to the search I was doing so I'm pretty sure that somewhere in the Google results there was a link to the blocked site and Edge was trying to prefetch the page, but it would be great to hear what the experts think.
Naturally I did a full scan using MBAM and Windows Defender and it comes up clean.
FWIW, this is the site that was blocked:
Thanks!

Thanks again for the information! The worst thing about these alerts is the general anxiety it creates when you didn't expect it. I am super careful about where I go online.
It sounds like browser hijacking actually requires the download and installation of software from the blocked domain (I didn't even visit the domain, let alone download and install software from it) so I'm sure I have nothing to worry about.

Thanks for chiming in exile360! I'm sure it had to be something like that although I expected Google to load images on its image search result page from its own cache. If not that though, then it was most likely via Edge's "page prediction" feature trying to pre-load some of the links on the search results page in case I clicked one of them. I now have "page prediction" turned off for good measure. Either way I'm sure there's nothing to worry about. It only happened that one time, plus the blocked domain was directly related to the search results, so the odds of this being caused by some sort of background process is basically zero.
On a related note ... after the alert the "Real-time Protection" count went from 0 to 3 even though there was only 1 alert (and only one entry under "Reports"). I tried testing with iptest.malwarebytes.org. As expected, MBAM blocked it, but it too incremented the count by 3 (from 3 to 6). So every 1 detection adds 3 to the count. Is this a known bug? I'm on version 3.6.1.2711.
Thanks!